Latest Articles

Cache-poisoning attack snares top Brazilian bank

Categories: Malware

From The Register (Dan Goodin)

One of Brazil’s biggest banks has suffered an attack that redirected its customers to fraudulent websites that attempted to steal passwords and install malware, according to an unconfirmed report.

According to this Google translation of an article penned in Portuguese, the redirection of Bradesco was the result of what’s known as a cache poisoning attack on Brazilian internet service provider NET Virtua. Read the full story [theregister.co.uk]


Experts call for better measurement of security

Categories: Compliance

If there’s one key message coming through all of the noise at the RSA Conference this week it’s the fact that there’s a pressing need for more data. Data on attacks, data on vulnerabilities, data on data breaches, data on software security, data on everything having to do with security. The mini-movement that has sprung up around metrics and measurement in security has taken over a lot of the conversation at the conference, with some interesting results.


RSA Panel Review – Macs in the Enterprise

Categories: Malware

By Andrew Storms

Managing IT for a software company has its challenges. For me, the lines between efficiency, security and innovation are difficult to draw at a company like nCircle where engineers require some freedom to perform their best. The panelists at the RSA session “Responding to the ignored threat – Macs in the Enterprise” seemed to face the same kind of problems I do.


85% of malicious sites only online for 24 hours

From PC Advisor (Carrie-Ann Skinner)

More than 80 percent of websites that had been poisoned with malicious code between 2008 and 2009 were removed within 24 hours, says AVG.

The security vendor’s Web Threat Profile Report estimated that on any one day between 8 and 14 million web users are being exposed to social engineering scams, such as hoax Facebook pages or rogue security apps that encourage surfers to download malicious software to their PC. Read the full story [cio.com]


The Importance of Internet Identity and Anonymity

Categories: Compliance

By George V. Hulme

Last year, Craig Mundie issued a call to arms for a more “trustworthy Internet” — not that Microsoft has been entirely successful at implementing its arguably more humble Trustworthy Computing initiative. But let’s not let the computing industry’s failure to bring forward operating systems, web servers, or even Web browsers that don’t get gummed with malware, or pwned by exploits stop us from shooting for the Holy Grail of computing: a complete chain-of-trust throughout the Internet, from the bottom to the top, called End to End trust.


RSA Cryptographer’s Panel: Cloud Computing Takes Center Stage

Categories: Cryptography

By George V. Hulme

Not so surprising, the state elders of cryptography had a few things to say about the security of cloud computing — but with little agreement.

Whitfield Diffie, chief security officer at Sun Microsystems, kicked off the cloud security discussion, stating that while securing the cloud computing model will have its challenges, they’ll be overcome in due time, and that ultimately cloud computing will become as pervasive as, well, clouds. “Cloud computing will come to where no real program and data will be ran on the computers of the company that is using the program,” he says.


Blackberry plugs code execution holes

Categories: Vulnerabilities

From The H Security

Research In Motion have published an advisory [blackberry.com] to warn of another vulnerability in the PDF distiller of the BlackBerry Attachment service. This new vulnerability is in addition to previous issues with the PDF distiller service.

According to US-CERT, the issue is related to VU196617 [cert.org], which involves the open source Xpdf and poppler applications and their handling of JBIG2 data. Read the full story [h-online.com]


5 security flubs users make while Web surfing

Categories: Web Security

From CIO (Joan Goodchild)

You can install the best firewalls, patch religiously, and make sure your anti-virus software is always up-to-date, but there is one online risk factor you can never control: the user. Whether they are downloading dangerous content or falling prey to phishing scams, the end user continues to be the toughest security risk to mitigate in most organizations.

With that constant struggle in mind, giving users education about what they are doing and why it is dangerous is the more effective strategy. Here are some of the more common security missteps users take and some advice [cio.com] on how to stay secure online.
